From securing a dedicated firewall, to replicating your Active Directory to the cloud, to backing up your files via Distributed File System – there are several best practices for disaster recovery available through a dinCloud infrastructure. Here I’ve detailed those built-in protections from dinCloud.
Unlike many competitors, dinCloud dedicates 1 virtual firewall per customer and has charged $95/month for that component and just like every offering – we have NO DATA TRANSFER FEES of any kind over any connection in/out/across our networks (Internet, MPLS, VPN, inter-availability zone, etc). I checked Amazon last month and the smallest version of this Vyatta appliance in their marketplace was $251/month and to do a single VPN connection was $36/month. PLUS they were charging data transfer fees! So $95 at dinCloud is real bang for the buck! As soon as you spin up your first virtual server or hosted virtual desktop (HVD) at dinCloud, the firewall spins up automatically and creates a “virtual private data center” for you with 1 interface to the Internet and 1 interface on the private side of your protected bubble in the Cloud. From there you can buy additional public IPs, put any private IP you want on the private side interface or create additional private networks on the backend of the firewall, create NAT policies, enforce firewall rules and much more.
That said, we are pleased to announce that we are coding for a NEW FIREWALL that will come out summer 2015: The Cisco ASAv.
What can you expect from the new Cisco ASAv firewalls?
- Enhanced cryptography options supporting the latest standards
- Remote access VPN using Cisco AnyConnect client software for Windows, Mac, Linux, iPAD, Android and other devices with authentication against your Microsoft Active Directory for users who are part of the “dinCloud-Cisco-rVPN” group you create + set to “allow” for dial-in on their AD account. That makes this very easy to manage on your end without opening a support ticket!.
- Web GUI and CLI access to the firewall controlled by AAA policies on our end which will restrict functions like adding/changing IP addresses but allow you to perform many functions on the firewall yourself that aren’t already coded into dinManage. Exact functionality TBD, but we feel this will give you greater visibility to firewall logs, various features & more!
- Web URL filtering options via WebSense or SmartFilter. We’ll add other choices as well
- Future IPS offerings due to Cisco’s acquisition of SourceFire (snort, etc).
- RESTful API interface
Microsoft Active Directory
Today, within your first 15 minutes of signing up for a dinManage account it’s easy to spin up a windows server, a p2p VPN to your on-site location, then replicate AD to the Cloud. Keep in mind you can also spin up a Microsoft AD server at another dinCloud data center (i.e. LA3/CH3 etc) for even more protection. Having your logins, GPO’s and other policies off-site is the first step in any disaster recovery strategy.
Today, if you ask sales, we can finalize a quote and spin up a Riverbed Stingray Traffic Manager load balancer for you. We’ll automate these into dinManage this year but just know they exist and like virtual firewalls, they are dedicated to your environment. If key components are provided as part of a CSP’s cloud orchestration process instead of a dedicated per-customer virtual appliance, I would seriously question the security of that architecture!
Microsoft Distributed File System (DFS) or Egnyte
It’s always been best practice NOT to keep your files on your local physical PC and this is also true in a virtual desktop. If government sponsored malware, rootkit or another dark art masterpiece of destruction creeps into your virtual desktop, you are going to want to spin that up fresh from a virgin template. The joy of Cloud is that all your apps can be embedded in the template so all you need is your data back. I highly recommend purchasing Egnyte.com from dinCloud at a HUGE discount from us when bundled with a Hosted Virtual Desktop or even a la Carte (no HVD purchase required) because it will give you access to your files from physical, virtual & mobile devices PLUS a wide range of enterprise features that dropbox, box.net and others simply do not provide. At a minimum, use Microsoft DFS ($500 setup fee if we do it for you) to replicate all of your on-site/cloud file share servers together so they are protected by our daily snapshot system.
It doesn’t stop there. For more on how dinCloud can make your disaster recovery strategy fail-proof, fill out our contact information form and one of our cloud specialists will contact you.
See part II of this blog on cloud backup.